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REMARKS 

The Applicant and the undersigned thank Examiner Laforgia for his careful review of this 
Application. Consideration of the present application is respectfully requested in Hgjit of the 
above amendments to the specification and claims and in view of the following remarks* Clain^s 
1-8 and 10-47 have been rejected and the specification has been objected to. Applicant has 
amended the specification and Claim 10* Upon entry of the amendments. Claims 1-8 and 10-47 
are pending in the subject application with none having been allowed. The indcpend^t claims 
for this application are Claims 1, 7, 10, and 37. 

L Obiectioii to die SpedficatioD Due to Informalities 

The Examiner objected to page 4 of the specification because the term "a" was defined to 
include plural references. The Applicant has amended the paragraph to remove the objectionable 
matter. The amended specification does not contain any new matter. Accordingly, 
reconsid^Btion and withdrawal of the objection to the specification are respectfiilly requested. 

n- Claim Refections nnder 35 U.S.C, 8 112, first paragraph 

The Examiner rejected Claims 10 and 24-47 under 35 U.S.C. § 112, first paragr^h, for 
failing to comply with the enablement requirement. The Examiner asserts that Claims 10 and 
24-47 contain subject matter which was not described in the specification in such a way as to 
enable one skilled in the art to which it pertains to make or use the invention. Office Action^ at 2. 
The Examiner fiuther asserts that the specification contains insuf&cient support for claim 
limitations related to "recording the scheduled security audit scan in a database." Office Action^ 
at 3. 

The rejection of independent Claims 10 and 37 is respectfully traversed. It is respectfully 
submitted that the specification, as filed, provides sufficient support to enable a person of 
ordinary skill in the art to record the scheduled security audit scan in a database. In order to 
satisfy the enablement requirement a "specification shall contain a written description of the 
invention, and of the manner and process of making and using it, in such full, clear, concise, and 
exact terms as to enable any person skilled in the art to which it pertains, or with which it is 
most nearly connected, to make and use the same ..." 35 U.S.C. § 112, first paragraph 
(emphasis added). However, every aspect of a generic claim does not have to be cxemphfied in 
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the specification, GenentecK Inc. v. Novo Nordisk A/S> 108 F.3d 1361, 1366 (Fed Cir. 1997). 
The specification need not teach what is weU known in the art. Hvbritech v. Monoclonal 
Antibodies. Inc.. 802, R2d 1367, 1384 (Fed. Cir. 1986). 

It is respectfully submitted that a person of ordinary skill in the art of computing security 
systems would have the knowledge necessary to accomplish the step of storing information in a 
database. The specification provides that the "central computer is programmed to perform the 
following operations: evaluate a database to determine if a security audit scan is cuixentiy 
scheduled to be run for a user.,-." Specification, page 3:8-10. The specification further sets 
fordi that the "database is accessed to determine when a security audit scan of a computer system 
is to be executed." Specification, page 3:23-24. Thus, the specification clearly sets forth that 
security audit scan scheduling information is contained in a database and that it can be accessed 
fit)m a database. 

Furthennore, Satyavolu teaches that the *'[a]rchitecture 115 comprises at least one 
scheduled update server 127 adapted to enter into and identify data-gathering job assignments 
that are stored in a database. A database holding such work may be stored in such as a mass 
repository 129 that is illustrated as connected to server 127." Satyavolu, coL 5:59-66. In the 
Office Action, Examiner contends that this statement in Satyavolu discloses recording the 
schedule in a database. Office Action at 9. Thus, even the Examiner realizes that a person of 
ordinary skill in the art of the application would inherently know how to place something into a 
database based on a disclosure that provides that the information is stored in the database. 
Accordingly, reconsideration and withdrawal of the rejection of independent Claims 10 and 37 
is respectfully requested. 

in. Clatm ReiectioDS cnder 35 U,S,C, S 103(a> 

The Exanuner rejected Claims l-6» 14, 21, 23, 26, 31, 36, 40, 45, and 47 under 35 U.S.C. 
§ 103(a) as being unpatentable over U.S. Patent No. 6;J05,552 to Fudge CFudge*^ in view of 
U.S. Patent No. 6,347,374 to Drake, et al CDrake") and further in view of U.S. Patent No. 
6»1 85,689 to Todd, et al CTodd") and U.S. Patent No. 6,517,587 to Satyavolu, et al 
CSatyavolu''), The Examiner rejected Claims 7, 8, 10^13, 15, 16, 20. 22, 24, 27-30, 35, 37-39, 
41, 44, and 46 under 35 U.S.C, § 103(a) as being unpatentable over Todd in view of Satyavolu. 
The Examiner rejected Claims 17-19, 25, 32-34, 42, and 43 under 35 U.S.C. § 103(a) as being 
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unpatentable over Todd in view of Satyavolu and further in view of Fudge. The Applicant 

respectfully offers the following remarks to traverse these pending rejections. 

A. The Invention of Independent Claim 1 is Distmguishable from the Fud^e in view of 
Satyavolu 

The rejection of independent Claim 1 is respectfully traversed. It is respectfully 

submitted that Fudge in view oiDrake^ Todd^ and Satyavolu fails to teach or suggest all of the 

recitations enumerated in Claim 1. Specifically, the FudgelDrakelToddl Satyavolu combination 

does not teach or suggest a scheduler programmed to determine which of the plurality of 

scanning machines is available to perfomi the security audit scan by examining a schedule for 

each scanning machine to identify scanning machines that are conducting another security audit 

scan or are scheduled to conduct another security audit scan. The FudgelDrakelToddJSatyavolu 

combination also fails to teach or suggest a plurality of scanning machines programmed to 

execute a security audit scan of the remote computer system. 

1. The Fudi^e/DrakdToddl Satyavolu Combination Fails to Teach or Suggest a 
Scheduler as Claimed 

The FudgelDrakelToddlSatyavolu combination does not teach or suggest a scheduler 
programmed to detemiine which of the plurality of scanning machines is available to perform the 
security audit scan by examining a schedule for each scanning machine to identify scanning 
machines that are conducting another security audit scan or are scheduled to conduct another 
security audit scan as set out in independent Claim 1. Scanning machine availability is 
detemiined by a scheduler in the central computer examining a schedule for each of the scanning 
machines. An examination of the schedules allows for the identification of certain scanning 
machines that are conducting a security audit scan or are scheduled to conduct a security audit 
scan. The available scanning machines include all of the scanning machines except for the 
certain scanning machines. 

The Examiner admits that Fudge, Drake, and Todd do not teach a scheduler as claimed in 
independent Claim 1. Office Action at 5. However, the Examiner states that it would have been 
obvious to one of ordinary skill in the art at the time of the invention to "include the central 
computer as a schedider ... evaluating a database to determine if there is an event currently 
scheduled to be run on one of the machines ... and a determining step to determine which 
machine is available to execute the gathering of information . . ./* Office Action at 5. To support 
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his statement, the Examiner relies on Figure 1 (blocks 115 and 127); column 5, line 55 to column 
6, line 7; and column 6, lines 7-34, 

Block 115 of Figure 1 provides a graphical depiction of a centralized computer 
architecture while block 127 provides a graphical depiction of a "scheduled i^date server." See 
Satyavolu, coh 5:59-62 and Figure 1. The portions of Satyavolu in columns 5 and 6 relied upon 
by the Examiner teach a scheduled iq>date server that can access a database to retrieve 
assignments stored therein. Satyavolu^ col 5:59-64, Once the assignments are retrieved, they 
are distributed ''in a hierarchical fashion to a plurahty of connected distributor servers 135." 
Satyavolu^ col. 6:7-9. "Each distributor server 135 contains a work queue (not shown) ad^ed to 
hold job assignments until they are requested from another distributor further down the 
hierarchical line, thus the distribution of tasks for distributors coupled to the [scheduled iq>date 
server] is by pull technology, providing efficient loading." Satyavolu^ coL 6:11-16. As is 
shown, while Satyavolu '$ schedule update server may pull assigtunents from a database, those 
assignments are subsequently dumped into the queue for the next distributor in line* The use of 
queues and "pull technology" by the gatherers in Satyavolu eliminate the need for a scheduler to 
determine which scanning machines are available because when a gatherer in Satyavolu becomes 
available it will just retrieve the next assignment in the queue. 

Satyavolu also teaches a second scheduling server dedicated to handling **instant update 
requests from users.'' Satyavolu^ coL 6:25-26, Furthermore, Satyavolu teaches that the second 
scheduling server does not handle scheduled requests and the requests are still loaded into queues 
of 'instant update distributors" to be passed to gatherers. Satyavolu^ col. 6:25-30. Thus, 
Satyavolu does not teach or suggest a scheduler determining which of the plurality of scanning 
m^hines is available to perform the security audit scan by examining a schedule for each 
scanning machine to identify certain ones of the scanning machines that are conducting another 
security audit scan or are scheduled to conduct another security audit scan, as recited in Claim I. 
Accordingly, reconsideration and withdrawal of the rejection of Claim 1 is respectfully 
requested. 

2. The Fud^e/Drake/Todd/Satvavolu Combination Fails to Teach or Suggest a 

Plurality of Scanning Machines Prograirmied to Execute a Securitv Audit Scan of 
the Remote Computer Svstem 

The FudgelDrakelTodd/Satyavolu combination does not teach or suggest a plurality of 
scanning machines programmed to execute a security audit scan of the remote computer system, 
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as set out in independent Claim 1. Each scanning machine of Claim 1 is capable of conducting 
multiple types of security assessments. Each scanning machine is also in communication with 
the global computer network. 

The Examiner admits that Fudge does not teach a plurality of scanning machines. Office 
Action at 4. However^ the Examiner states that it would have been obvious to one of ordinary 
skill in the art at the time of the invention to ^Include a plurality of scanning machines," Office 
Action at 4 (citing Drake^ col. 1:4-10) . The Examiner also states that **it requires only routine 
skill to duplicate a part for it to have a multiple effect." Office Action at 4 (citing MPEP 
§2144.04 and In re Harza). 

The Examiner directs Applicant's attention to Drake, coL 1:4-10 and its use of multiple 
audit sources in si^ort of his contention that Drake teaches the multiple scanning machines of 
Claim 1. Drake teaches a method for detecting events based on audit data received from one or 
more audit sources. Drake, coL 1:5-12. The multiple audit sources collect *S^w audit data made 
up of raw audit data records at an audit source/* Drake^ col. 3:46-48, In addition, the audit 
source may be ^'security^ system^ and/or application logs maintained by an operating syst^. 
These logs contain raw information on file access, login attempts^ ^iplication functions, and the 
hke." Drake, coL 5:39-42, The raw data from the audit source is then passed to a parser, where 
it is processed. Drake^ col. 8:49-57. The parser converts the audit data fix>m raw fomi into 
virtual records. Drake, col, 7:25-26. The parsed information can then be passed to a detector 
**that detects audit events in response to the Virtual Records generated by the parser . , Drake, 
col 3:55-58. Thus, it is the detector, and not the audit source, that conducts a detection for 
events. The audit source of Drake only collects raw data and does not conduct security audit 
scans as required by the scanning machines of Claim 1, Further, Figure 1 of Drake depicts 
multiple parsers 20 and collectors 26 but only depicts a single detector 32. The basis for a single 
detector in Drake is further supported in colimm 9, which states **the file transfer to the 
downstream process location, where the detector is located, includes Virtual Records generated 
by the parser 20," Drake, col. 9:6-8. As can be seen, the statement implies that there is only 
one detector. Thus, Drake does not teach or suggest a plurality of scanning machines 
programmed to execute a seciuity audit scan of the remote computer system, as set out in 
independent Claim 1 , 
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Further, the system of Claim 1, having multiple scanning machines, is not a mere 
duplication of a single part. The use of multiple scanning machines allows for the integration of 
a scheduler that can review the schedule of each scanning machine and select a scanning 
machine for an audit based on a determination of which machines are not currently conducting a 
scan or are not cuirently scheduled to conduct a secarity audit scan. Accordingly, 
reconsideration and withdrawal of the rejection of Claim 1 is respectfully requested. 

B. The Inventions of Independent Claims 7 and 37 and C laim 10, a^ Amended, are 
Distinguishable from the Todd in view ofSatyavolu 

The rejection of independent Claims 7, 10, and 37 is respectfully traversed. It is 

respectfully submitted that Todd in view of Satyavolu fails to teach or suggest all of the 

recitations enumerated in Claims 7, 37. and amended Claim 10. Specifically, the Toddl Satyavolu 

combination does not teach or suggest determining which of the plurality of scanning machines 

is available to perfoim the security audit scan by examining a schedule for each scanning 

machine to identify scanning machines that are conducting another security audit scan or are 

scheduled to conduct another security audit scan. 

1. The Toddl Satyavolu Combination Fails to Teach or Suggest De tennining the 
Availability of Scanning Machines to Conduct a Security Audit Scan 

The Todd/Saiyavolu combination does not teach or suggest determining which of a 

plurality of scanning machines is available to perform the security audit scan by examining a 

schedule for each scanning machine to identify scanning machines that are conducting another 

security audit scan or are scheduled to conduct another security audit scan as set out in 

independent Claims 7, 37, and amended Claim 10. Detennining the availability of a scanning 

machine to conduct a security audit scan is accomplished by examining a schedule for each of 

the scanning machines. An examination of the schedules allows for the identification of certain 

scanning machines that are conducting a security audit scan or are scheduled to conduct a 

security audit scan. 

The Examiner admits that Todd does not teach determining which of the plurality of 
scanning machines is available to perform the security audit scan by examining a schedule for 
each scanning machine to identify scanning machines that are conducting another security audit 
scan or are scheduled to conduct another security audit scan. Office Action at 7-8, However, the 
Examiner states that it would have been obvious to one of ordinary skiU in the art at the time of 
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the invention to "include a determining step to determine which machine is available to execute 
the gathering of information Office Action at 7-8. To support his contention, the Examiner 
relies on Figure 1 (block 127) and column 6, lines 7-34, 

As discussed herein above, block 127 provides a graphical depiction of a "scheduled 
update server." See Satyavoluy col. 5:59-62 and Figure 1. The portions of Satyavolu in column 6 
relied on by the Examiner teach the distribution of assignments ^ a hierarchical fashion to a 
plurality of connected distributor sctvcts 135." Satyavolu, col. 6:7-9, "Each distributor server 
135 contains a work queue (not shown) adapted to hold job assignments until they are requested 
from another distributor further down the hierarchical Une, thus the distribution of tasks for 
distributors coupled to the [scheduled update server] is by pull technology^ providing efficient 
loading." Satyavolu^ coL 6:1 1-16. As is clearly stated in Satyavolu^ scheduled work assignments 
are distributed to the next distributor in line by passing the assignment into the queue of that 
distributor. The use of queues and '*pull technology" by the gatherers in Satyavolu eliminate the 
need to determine which scanning machines are available because when a gatherer in Satyavolu 
becomes available it will just retrieve the next assignment m the queue, there is no evaluation of 
the gatherers as a whole to determine their current schedules, 

Satyavolu also teaches a second scheduling server dedicated to handling *iiistant update 
requests from users." Satyavolu, col. 6:25-26* Instant update requests are sent to the server by a 
user, via the Internet, where these requests are passed through a second set of distributors and 
gatherers. Satyavolu, col. 6:25-30. While Satyavolu states that the second set of distributors 
does not operate by pull technology> Satyavolu does not teach how these requests are passed to 
the gatherers other than to say that the requests are still passed to the queue of the second set of 
distributors, Satyavolu^ col, 6:25-34. Thus, Satyavolu does not teach or suggest detennining 
which of the plurality of scanning machines is available to perform the security audit scan by 
examining a schedule for each scanning machine to identify certain ones of the scanning 
machines that are conductiiig another security audit scan or are scheduled to conduct another 
security audit scan, as recited in Claims 7, 37 and amended Claim 10. Accordingly, 
reconsideration and withdrawal of the rejection of Claims 7, 37, and amended Claim 10 is 
respectfully requested. 
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C. The Invention of Dependent Claims 3, 14. and 40 is Distinguishable from the 
FudselDrakelToddlSatvavolu Combination 

The rejection of dependent Claims 3, 14^ and 40 is respectfully traversed. It is 
respectfully submitted that the Fudge/Drake/Todd/Satyavolu combination fails to teach or 
suggest the recitations enumerated in Claims 3, 14, and 40. Specifically, the 
FudgelDrakelToddlSatyavolu combination does not teach or suggest issuing a notification that 
the security audit scan is commencing or being conducted. 

The Examiner contends that Todd teaches a central computer programmed to issue a 
notification the security audit scan is commencing. Office Action at 6. In support of his 
contention, Examiner directs Applicant's attention to Figure 3, block 42; Figure 7, block 42; and 
coluron 6, lines 40-49 of Todd. Figure 3^ block 42 states that a '^customer uses email to start 
assessment.*' Further, Figure 7, block 42 states that ''buyer uses email to view old assessment or 
start a new assessment." Neither of these figures teaches or suggests issuing a notification to a 
user interface that the security audit scan is commencing . At best, these figures describe a way 
for the buyer/user to begin the scan. 

Column 6, lines 40-49 of Todd describes a method for reporting the results of a scan of a 
system to a buyer. An email is sent by a seller to a buyer containing a link to a hypertext page, 
Todd, coL 6:40-43- Todd goes on to teach that providing the link by email improves the security 
of results by limiting access to the results to a buyer with the link. Todd^ col. 6:43-49. The email 
sent by the seller to the buyer can also be used by the buyer to initiate the test. Todd^ Figure 3 
[block 42 and above]; Figure 7 [block 42 and above]; col. 6:50-51. Therefore, the email being 
sent by the seller to the buyer, in Todd^ can not be a notification that the scan is commencing 
because the scan can not commence unless and until the buyer actually responds to the email in a 
particular way. It is possible that the buyer may never respond to the email, in which case the 
scan will never have commenced Accordingly, reconsideration and withdrawal of the rejection 
of dependent Claims 3, 14» and 40 is respectfiilly requested. 

IV. The Inventions of Dependent Claims 2-6^^ 8^ 9. 11*36 and 38-47 are 
Distinguishable from the Cited Art 

The Applicant respectfiilly submits that the above-identified dependent claims are 
allowable because the independent claims ftom which they depend, Claims 1, 7, 10, and 37 are 
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patentable over the cited references. The Applicant also respectfully traverses the Examiner's 
assertions about these clairas and submits that the recitations of these dependent claims are of 
patentable significance. The Applicant respectfully requests that the Examiner reconsider and 
withdraw the paiding rejection of Claims 2-6, 8, 9, 1 1-36, and 38-47. 



The foregoing is submitted as a full and complete response to the Official Action mailed 
on January 7, 2005, The Applicant has amended the claims and has submitted remarks to 
traverse the objections and rejections of pending Claims 1-8 and 10-47. The Applicant has 
shown above that Claims 1-8 and 10-47 are allowable over the art cited by the Examiner and 
respectfully request that the Examiner withdraw all pending rejections and/or objections to 
Claims 1-8 and 10-47, If the Examiner beheves that Ihere are any issues that can be resolved by 
a telephone conference, or that there are any informalities that can be corrected by an Examiner's 
amendment, a telephone call to the undersigned at (404) 572-4691 to discuss same is respectfiilly 
requested. 



KING & SPALDING LLP 
45* Floor 

191 Peachtree Street 
Atlanta, Georgia 30303 
404.572.4691 
KS# 05456.105045 
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Respectfully submitted. 




